US REvil Ransomware Group Servers Hit by Hacking Technique It Uses to Compromise Targets
REvil, the ransomware group that hacked into the U.S. Colonial Pipeline this past May, was itself hacked and shut down by a multinational cyber operation, according to an exclusive report from Reuters.
The group was reportedly hacked using the same technique it had employed against the Pipeline.
Officials from the Federal Bureau of Investigation (FBI), along with U.S. Cyber Command, worked with a number of different countries to bring down REvil as well as several other cybercrime groups.
On a recent internet forum post, one of the leaders of REvil, known only as 0_neday, wrote that "the server was compromised, and they were looking for me."
"Good luck, everyone; I'm off," 0_neday continued.
The government takedown exploited a loophole in the ransomware group's backup system, allowing law enforcement agencies to access REvil's servers and shut them down.
"REvil...restored the infrastructure from the backups under the assumption that they had not been compromised," said Oleg Skulkin, an official at the Russian security company Group-IB. "Ironically, the gang's own favorite tactic of compromising the backups was turned against them."
Reuters has described REvil as "one of the worst of dozens of ransomware gangs that work with hackers to penetrate and paralyze companies around the world."
The hacking of the Colonial Pipeline by REvil and another ransomware group, DarkSide, led to massive gasoline shortages and caused the President to declare a state of emergency. The pipeline was only restored after Colonial Pipeline Company paid REvil $4.4 million.
REvil made headlines again in July when it hacked into software management company Kaseya, allowing the group to access the personal information of hundreds of the company's clients.
The White House National Security Council told Reuters that they were "undertaking a whole of government ransomware effort, including disruption of ransomware infrastructure and actors," but declined to comment specifically on the REvil operation.